Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-01-14
CVE-2026-21307 - Substance3D - Designer Plugin
Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
Substance3D - Designer
CVE-2026-21307
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21306 - Substance3D - Sampler Plugin
Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
Substance3D - Sampler
CVE-2026-21306
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21305 - Substance3D - Painter Plugin
Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
Substance3D - Painter
CVE-2026-21305
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21287 - Substance3D - Stager Plugin
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
Substance3D - Stager
CVE-2026-21287
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21308 - Substance3D - Designer Plugin
Substance3D - Designer versions 15.0.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
Substance3D - Designer
CVE-2026-21308
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21304 - InDesign Desktop Plugin
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
InDesign Desktop
CVE-2026-21304
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21283 - Bridge Plugin
Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
Bridge
CVE-2026-21283
Risk Score
Threat Entry
Updated 2026-02-03
CVE-2026-22791 - Opencryptoki Plugin
openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption, or denial-of-service.
PLUGIN
Opencryptoki
CVE-2026-22791
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21288 - Illustrator Plugin
Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
Illustrator
CVE-2026-21288
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21280 - Illustrator Plugin
Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
PLUGIN
Illustrator
CVE-2026-21280
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21281 - InCopy Plugin
InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
InCopy
CVE-2026-21281
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21277 - InDesign Desktop Plugin
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
InDesign Desktop
CVE-2026-21277
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21276 - InDesign Desktop Plugin
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
InDesign Desktop
CVE-2026-21276
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21275 - InDesign Desktop Plugin
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
InDesign Desktop
CVE-2026-21275
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21278 - InDesign Desktop Plugin
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
InDesign Desktop
CVE-2026-21278
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21272 - Dreamweaver Desktop Plugin
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
PLUGIN
Dreamweaver Desktop
CVE-2026-21272
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21271 - Dreamweaver Desktop Plugin
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
PLUGIN
Dreamweaver Desktop
CVE-2026-21271
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21268 - Dreamweaver Desktop Plugin
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
PLUGIN
Dreamweaver Desktop
CVE-2026-21268
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21267 - Dreamweaver Desktop Plugin
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
PLUGIN
Dreamweaver Desktop
CVE-2026-21267
Risk Score
Threat Entry
Updated 2026-01-14
CVE-2026-21274 - Dreamweaver Desktop Plugin
Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute unauthorized code. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
PLUGIN
Dreamweaver Desktop
CVE-2026-21274
Risk Score